src/auth.js

   1 'use strict';
   2
   3 var passport = require('passport'),
   4     path = require('path'),
   5     safe = require('safetydance'),
   6     fs = require('fs'),
   7     bcrypt = require('bcryptjs'),
   8     uuid = require('uuid/v4'),
   9     BearerStrategy = require('passport-http-bearer').Strategy,
  10     LdapStrategy = require('passport-ldapjs').Strategy,
  11     HttpError = require('connect-lastmile').HttpError,
  12     HttpSuccess = require('connect-lastmile').HttpSuccess;
  13
  14 const LOCAL_AUTH_FILE = path.resolve(process.env.LOCAL_AUTH_FILE || './.users.json');
  15 const TOKENSTORE_FILE = path.resolve(process.env.TOKENSTORE_FILE || './.tokens.json');
  16
  17 var tokenStore = {
  18     data: {},
  19     save: function () {
  20         try {
  21             fs.writeFileSync(TOKENSTORE_FILE, JSON.stringify(tokenStore.data), 'utf-8');
  22         } catch (e) {
  23             console.error(`Unable to save tokenstore file at ${TOKENSTORE_FILE}`, e);
  24         }
  25     },
  26     get: function (token, callback) {
  27         callback(tokenStore.data[token] ? null : 'not found', tokenStore.data[token]);
  28     },
  29     set: function (token, data, callback) {
  30         tokenStore.data[token] = data;
  31         tokenStore.save();
  32         callback(null);
  33     },
  34     del: function (token, callback) {
  35         delete tokenStore.data[token];
  36         tokenStore.save();
  37         callback(null);
  38     }
  39 };
  40
  41 // load token store data if any
  42 try {
  43     console.log(`Using tokenstore file: ${TOKENSTORE_FILE}`);
  44     tokenStore.data = JSON.parse(fs.readFileSync(TOKENSTORE_FILE, 'utf-8'));
  45 } catch (e) {
  46     // start with empty token store
  47 }
  48
  49 function issueAccessToken() {
  50     return function (req, res, next) {
  51         var accessToken = uuid();
  52
  53         tokenStore.set(accessToken, req.user, function (error) {
  54             if (error) return next(new HttpError(500, error));
  55             next(new HttpSuccess(201, { accessToken: accessToken, user: req.user }));
  56         });
  57     };
  58 }
  59
  60 passport.serializeUser(function (user, done) {
  61     console.log('serializeUser', user);
  62     done(null, user.uid);
  63 });
  64
  65 passport.deserializeUser(function (id, done) {
  66     console.log('deserializeUser', id);
  67     done(null, { uid: id });
  68 });
  69
  70 var LDAP_URL = process.env.LDAP_URL;
  71 var LDAP_USERS_BASE_DN = process.env.LDAP_USERS_BASE_DN;
  72
  73 if (LDAP_URL && LDAP_USERS_BASE_DN) {
  74     console.log('Using ldap auth');
  75
  76     exports.login = [ passport.authenticate('ldap'), issueAccessToken() ];
  77 } else {
  78     console.log(`Using local user file: ${LOCAL_AUTH_FILE}`);
  79
  80     exports.login = [
  81         function (req, res, next) {
  82             var users = safe.JSON.parse(safe.fs.readFileSync(LOCAL_AUTH_FILE));
  83             if (!users) return res.send(401);
  84             if (!users[req.body.username]) return res.send(401);
  85
  86             bcrypt.compare(req.body.password, users[req.body.username].passwordHash, function (error, valid) {
  87                 if (error || !valid) return res.send(401);
  88
  89                 req.user = {
  90                     username: req.body.username
  91                 };
  92
  93                 next();
  94             });
  95         },
  96         issueAccessToken()
  97     ];
  98 }
  99
 100 var opts = {
 101     server: {
 102         url: LDAP_URL,
 103     },
 104     base: LDAP_USERS_BASE_DN,
 105     search: {
 106         filter: '(|(username={{username}})(mail={{username}}))',
 107         attributes: ['displayname', 'username', 'mail', 'uid'],
 108         scope: 'sub'
 109     },
 110     uidTag: 'cn',
 111     usernameField: 'username',
 112     passwordField: 'password',
 113 };
 114
 115 passport.use(new LdapStrategy(opts, function (profile, done) {
 116     done(null, profile);
 117 }));
 118
 119 exports.verify = passport.authenticate('bearer', { session: false });
 120
 121 passport.use(new BearerStrategy(function (token, done) {
 122     tokenStore.get(token, function (error, result) {
 123         if (error) {
 124             console.error(error);
 125             return done(null, false);
 126         }
 127
 128         done(null, result, { accessToken: token });
 129     });
 130 }));
 131
 132 exports.logout = function (req, res, next) {
 133     tokenStore.del(req.authInfo.accessToken, function (error) {
 134         if (error) console.error(error);
 135
 136         next(new HttpSuccess(200, {}));
 137     });
 138 };
 139
 140 exports.getProfile = function (req, res, next) {
 141     next(new HttpSuccess(200, { username: req.user.username }));
 142 };